Virtualization of workloads has become pervasive and there is a need for customers to be able to use the existing installed base of physical network services (such as firewalls, load balancers etc.) to offer network service capability to the virtualized workloads in the same way as in the physical environment, in an on-demand, dynamic fashion, particularly in cloud service provider environments.
In the physical (baremetal) environment, application traffic is assigned to a specific virtual local area network (VLAN) to be sent to the firewall and the traffic from the firewall is sent on another VLAN for ultimate transmission to the network service. To satisfy the needs of large scale multi-tenancy requirements, overlay technologies such as Virtual Extensible LANs (VXLANs) are becoming popular. However, there is no easy way to offer physical network services (such as firewall services) for virtualized workloads using an overlay technology.